@ -39,49 +39,61 @@
- name : Download the CSR to local
fetch:
src : "/etc/ssl/csr/{{ certificate.slug }}.csr"
dest : "loot/csr/ {{ certificate.slug }}.csr"
dest : "loot/csr/ ext/ {{ certificate.slug }}.csr"
flat : yes
- name : Create directories for CSRs and certificates
become : true
file:
state : directory
name : "{{ item }}"
owner : root
group : root
mode : u=rwx,g=rx,o=rx
loop:
- /etc/ssl/csr/ext
- /etc/ssl/certs/ext
- name : Upload the CSR to CA server
become : true
copy:
# FIXME: on devrait faire un répertoire "incoming" pour
# pas réecrire la CSR et le certificat de l'AC !
src : "loot/csr/{{ certificate.slug }}.csr"
dest : "/etc/ssl/csr/{{ certificate.slug }}.csr"
src : "loot/csr/ ext/ {{ certificate.slug }}.csr"
dest : "/etc/ssl/csr/ ext/ {{ certificate.slug }}.csr"
owner : root
group : root
mode : u=r,g=r,o=r
delegate_to : "{{ openssl_ca_host }}"
- name : Generate the certificate from CSR
become : yes
openssl_certificate:
ownca_privatekey_path : "/etc/ssl/private/{{ root_ca.slug }}.pem"
ownca_path : "/etc/ssl/certs/{{ root_ca.slug }}.pem"
csr_path : "/etc/ssl/csr/ {{ certificate.slug }}.csr"
path : "/etc/ssl/certs/ {{ certificate.slug }}.pem"
ownca_privatekey_path : "/etc/ssl/private/{{ hostvars[openssl_ca_host]. root_ca.slug }}.pem"
ownca_path : "/etc/ssl/certs/{{ hostvars[openssl_ca_host]. root_ca.slug }}.pem"
csr_path : "/etc/ssl/csr/ ext/ {{ certificate.slug }}.csr"
path : "/etc/ssl/certs/ ext/ {{ certificate.slug }}.pem"
owner : root
group : root
mode : u=r,g=r,o=r
provider : ownca
ownca_not_before : "{{ certificate.not_before }}"
ownca_not_after : "{{ certificate.not_after }}"
ownca_locality_name : "{{ root_ca.locality_name }}"
ownca_country_name : "{{ root_ca.country_name }}"
ownca_organization_name : "{{ root_ca.organization_name }}"
ownca_locality_name : "{{ hostvars[openssl_ca_host].root_ca.locality_name }}"
ownca_country_name : "{{ hostvars[openssl_ca_host].root_ca.country_name }}"
delegate_to : "{{ openssl_ca_host }}"
- name : Retrieve the certificate
fetch:
src : "/etc/ssl/certs/ {{ certificate.slug }}.pem"
dest : "loot/certs/ {{ certificate.slug }}.pem"
src : "/etc/ssl/certs/ ext/ {{ certificate.slug }}.pem"
dest : "loot/certs/ ext/ {{ certificate.slug }}.pem"
flat : yes
delegate_to : "{{ openssl_ca_host }}"
- name : Send the certificate to host
become : yes
copy:
src : "loot/certs/ {{ certificate.slug }}.pem"
src : "loot/certs/ ext/ {{ certificate.slug }}.pem"
dest : "/etc/ssl/certs/{{ certificate.slug }}.pem"
owner : root
group : root